Detecting Mobile Ad Fraud by Counting Clicks
Many, if not most, marketers run campaigns based on install rates. It’s proof that a user was obtained and that marketing efforts were successful. However, as an attribution provider, Kochava sees all user traffic, and the number of clicks per attributed install doesn’t always add up. While the reasons may differ — be it an error or bad actors — it’s unwanted traffic, nonetheless. Detecting fraud by looking at click-to-install rates is one part of fraud abatement on mobile devices.
Kochava fraud detection algorithms frequently flag an inordinate number of clicks per install, which increase your ad spend and skew a campaign’s true outcome. Over the next several weeks, we will explore several scenarios, and show marketers and networks how to interpret our fraud reports.
The following table details the click-to-install (CTI) rate across multiple networks for an entertainment app during the month of January, 2017:
I use CTI instead of conversion rate (CVR) because it’s easier to see the difference between 1,000 and 10,000 clicks than between 0.001 and 0.0001. What’s a reasonable response rate for a network’s traffic? In other words, how many clicks are reasonable for an install?
When we think of a mobile install campaign, we envision a creative ad unit with a call to action that hooks the viewer’s interest. Ideally, the user clicks an ad unit, visits the App Store, and installs the target app. If this was the reality across the advertising space, we’d see CTIs with ranges between 1 and 10 — not in the thousands.
When an install occurs, the average CTI rate is close to 2.5. This varies by vertical—social apps are a bit higher, gaming apps are lower—but the average across all apps doesn’t have a huge range; it is between two and three clicks per install. This likely fits with your own experience. Think of the last app you installed. Perhaps you clicked on an ad, visited the App Store, but abandoned the install process. Then later maybe you saw another ad for the same app, which compelled you to finally install (for a total of two ad clicks). You didn’t click 9,000 ads for the same app before installing.
High click volumes: What’s going on here?
Why are we seeing such high click volumes relative to installs? Are these user-driven clicks, or something else? Are they forced redirects? We’ve all likely been on our phones or tablets when we’re suddenly in the App Store with no reasonable explanation as to how we got there — it seemingly “just happened.”
Are these self-clicking ads or recorded impressions?
The first reason for high click volumes could be self-clicking ads. Envision a video app that programmatically sends click activity in the background of the video, unbeknownst to the viewer. This may sound far-fetched, but it’s a relatively common practice among fraudsters.
The second could be that the clicks being recorded are actually impressions, meaning that the network serving the ad has broken the tracking integration. This may be the scariest scenario because it effectively takes the lowest intent of an advertising function (an impression that may engage the user) and calls it the highest intent ad function (a click, where the user engaged with it).
Click flooding
This last scenario becomes particularly problematic when it comes to web inventory because web ad units generally do not pass a device ID to match with an install, so a fingerprint match is used instead. The match is a combination of IP address and user agent (device type, OS, version, etc.). If the ecosystem is flooded with spurious clicks, and the fingerprint attribution lookback window is long, we can see a scenario where one user’s “click” can be credited to another user’s install.
For instance, let’s say the fingerprint attribution window is seven days. Over the course of a week, how many different IPs do we connect with? There are different IPs for home, work, commuting, the gym, restaurants, etc. Regarding the user agent, there are relatively few common distinct UA combinations. The latest iPhone with the current OS update makes up a large population of mobile users in the US. When one user with a relatively common profile connects to an IP address, where many other similar devices are connected, we start to see the attribution fallacy that encourages click flooding activity across the digital ad space. If I click on an ad on my device, someone else may install it and the network gets credited with my install — even though none of it was causal. I never actually “clicked” an ad, and the actual user who installed was not influenced by a paid marketing effort.
Here’s the point: If a network can get enough clicks flooding the ecosystem, they will be credited with installs they didn’t drive.
“What’s the big deal about attribution? Those installs happened — what’s there to cry about?”
THE WRONG PARTY IS BEING CREDITED!
This means that you could be managing your ad spend based on flawed data. The game, in this case, really becomes who can blanket the ad space with the most reported clicks. Forget about viewability. In many cases, the user doesn’t know there was an ad but took some action that generated a click in the background. And by blanketing the ad space with non-user-driven clicks, networks and sub-publishers are getting credit for installs that would happen anyway or are being driven by another source.
What should I do about attribution fraud?
If you’re a marketer, establish a baseline of your app’s mean clicks to install (MCTI) so you know what to expect from your campaigns. Once you have a ballpark figure, you can evaluate your campaign performance against this value. One way to do this is to leverage the Kochava Traffic Verifier which confirms that all traffic meets your defined requirements.
Frequency/volume caps for impressions and clicks are another great way to ensure you have the right traffic . Any activity beyond the threshold is considered unverified traffic for you to decide whether to attribute or not. Even better, couple frequency caps with real-time alerts to know when a threshold is surpassed.
Fraudsters have many tactics, but the right knowledge and tools can keep you in control of your traffic.
